struts-user mailing list archives

From Paul Benedict <pbened...@apache.org>
Subject Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
Date Sat, 23 Mar 2013 04:58:34 GMT
If you use JDBC prepared statements, you will not have to worry about SQL
injection.

Paul

On Fri, Mar 22, 2013 at 6:36 PM, J.V. <jvsrvcs@gmail.com> wrote:

> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
> regards to the form field only, irrespective of the method of SQL
> execution) and return a true/false if it passes the test?
>
> I have about 100+ forms ( 500+ fields) to validate for SQL injection
> vulnerabilities and was thinking of creating an abstractForm.java class and
> putting the validate method there and calling that in each of the
> MyForm.java classes validate() method.
>
> I thought initially it would be better to move everything over to use
> Apache commons validator, create a global rule and simply apply the global
> rule to every form field but it may be better to take this approach.
>
> Any thoughts on the approach or a validator class to pattern match the
> field would be helpful (if you have had such a case in the past).
>
> thanks
>
> J.V.
>
